Imperva Cyber Security Blog

Today’s front page NYT story is about how the Chinese went after the NYT for publishing
disparaging stories about Chinese government officials. The same reporter
who wrote the NYT story on antivirus also wrote this story about Chinese
hackers. Note something interesting:

Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just
one of those programs was spotted by the Symantec antivirus software the
Times used…

One out of 45 is about 2%, very much like the results of our
antivirus study, which was referenced in this Forbes article
bashing Symantec:

… analysis performed by the
security firm Imperva along with the Technion Israeli Institute of Technology
found that antivirus managed to detect only 5% of new threats, and that it took
an average of four weeks for antivirus firms to identify a new piece of
malicious code. “Although vendors try to update their detection mechanisms, the
initial detection rate of new viruses is nearly zero. We believe that the
majority of antivirus products on the market can’t keep up with the rate of
virus propagation on the Internet,” their paper reads.

Here’s the message for security: rebalance the
security portfolio. Use free antivirus and spend some money modernizing your security strategy.

I recently talked to a CISO who said he buys AV
for legal reasons. If someone is infected, which he knows will happen, he
has a legal defense to say ‘I did what I could.’ But he also knows AV won't work. If customers are buying AV to
appease lawyers rather than to protect an enterprise, something isn't right.

Symantec’s response, essentially blaming the Times--their customer!--for the failure, gives some insight into what isn't right. Their reaction reminded me of a key tenet of Clayton Christensen's The Innovator's Dilemma. In the book, Christensen notes that big companies fail to innovate because customers often ask for
better versions of current products when they really need a new technology.
Customers, according to Christensen, become a barrier to innovation. Symantec's reaction, explaining that if the Times had turned on more functionality they'd have been safer, is the best illustration of the innovator's dilemma you'll ever see.